Version 0.999.4

README.md

@@ -1,6 +1,6 @@
 # Hostsblock
 
-An **ad-blocking** and **malware-blocking** script for *Linux*
+An **ad-** and **malware-blocking** script for *Linux*
 
 ## Description
 
@@ -18,6 +18,9 @@ contained in that website.
 
 ## Features
 
+*   **NEW: Enhanced security** - Runs as an unpriviledged user instead of
+  root.
+
 *   **System-wide blocking** - *All non-proxied* connections use the HOSTS
   file (Proxied connections can be modified to use the HOSTS file)
 
@@ -31,7 +34,7 @@ contained in that website.
   **redirection**, **post-processing scripting**, *etc.*
 
 *   **Bandwith-efficient** - *Only* downloads blocklists that have been changed,
-  using *compression* when available.
+  using *http compression* when available.
 
 *   **Resource-efficient** - *Only* processes blocklists when changes are
   registered, uses *minimal pipes*.
@@ -51,7 +54,8 @@ contained in that website.
 *   [GNU bash](http://www.gnu.org/software/bash/bash.html)
 *   [GNU sed](http://www.gnu.org/software/sed)
 *   [GNU grep](http://www.gnu.org/software/grep/grep.html)
-*   [GNU coreutils](http://www.gnu.org/software/coreutils).
+*   [GNU coreutils](http://www.gnu.org/software/coreutils)
+*   [GNU gzip](https://www.gnu.org/software/gzip/) (or [pigz](http://www.zlib.net/pigz/) for multi-core systems)
 
 ### Optional dependencies for **additional features**
 
@@ -71,26 +75,28 @@ speed up page resolution on blocked domains:
 *   [kwakd](https://github.com/fetchinson/kwakd/) (recommended)
 *   [pixelserv](http://proxytunnel.sourceforge.net/pixelserv.php)
 
-**Compressors** to compress backup files and the annotation database:
-
-*   [gzip](http://www.gnu.org/software/gzip/)
-*   [pigz](http://www.zlib.net/pigz/)
-
 ## Installation
 
-First download the archive [here](https://github.com/gaenserich/hostsblock/archive/master.zip) or with curl like so: `curl -O "https://github.com/gaenserich/hostsblock/archive/master.zip"`
-
-Unzip the archive, e.g. `unzip hostsblock-master.zip`
-
 ### Arch Linux
 
-`cd hostsblock-master/pkg; makepkg -Acsir`
+If you have yaourt installed: `yaourt -S hostsblock` or `yaourt -S hostsblock-git`
 
 Or use one of the *AUR* packages:
 [hostsblock](https://aur.archlinux.org/packages/hostsblock/),
 [hostsblock-git](https://aur.archlinux.org/packages/hostsblock-git/)
 
-### For others
+**Don't forget** to *enable* and *start* the systemd timer with:
+`systemctl enable --now hostsblock.timer`
+
+### For Other Linux Distros (The Easy Way)
+
+First download the archive [here](https://github.com/gaenserich/hostsblock/archive/master.zip) or with curl like so: `curl -O "https://github.com/gaenserich/hostsblock/archive/master.zip"`
+
+Unzip the archive, e.g. `unzip hostsblock-master.zip`
+
+Execute the `install.sh` script, which will guide you through installation.
+
+### For Any Others (The Hard Way)
 
 ```sh
 install -Dm755 hostsblock.sh /usr/sbin/hostsblock
@@ -102,37 +108,124 @@ install -Dm644 hosts.head /etc/hostsblock/hosts.head
 ```
 
 **Don't forget** to *enable* and *start* the systemd timer with:
-`systemctl enable --now hostsblock.timer `
-
-Refer to the *man pages* for more info about hostsblock's **usage**.
-(Currently useless! see  [#19](https://github.com/gaenserich/hostsblock/issues/19))
+`systemctl enable --now hostsblock.timer`
 
 ## Configuration
 
-All the Hostsblock configuration is done in the [`hostsblock.conf`][conf].
+All the hostsblock configuration is done in the [`hostsblock.conf`][conf].
 This file is commented really well, so please read through it before first use.
 
-### Dnsmasq
+By default, hostsblock does not write to /etc/hosts or manipulate any dns caching daemons.
+Instead, it will just compile a hosts-formatted file to /var/lib/hostsblock/hosts.block.
+To make this file actually work, you have one of two options:
+
+### OPTION 1: Using a DNS Caching Daemon (Here: dnsmasq)
 
-To use Hostsblock together with Dnsmasq, configure Dnsmasq as DNS caching daemon.
+Using a DNS caching daemon like dnsmasq offers (theoretically) better performance.
+
+To use hostsblock together with dnsmasq, configure dnsmasq as DNS caching daemon.
 Please refer to your distribution's manual. For ArchLinux read the following:
 [Wiki section](https://wiki.archlinux.org/index.php/dnsmasq#DNS_cache_setup).
 
 #### hostsblock.conf
 
-In the *FINAL HOSTSFILE* section, enable `hostsfile="/etc/hosts.block`.
+Edit the hostsblock.conf file (by default under `/var/lib/hostsblock/hostsblock.conf`)
+
+In the *POSTPROCESSING SUBROUTINE* section comment out:
+
+```conf
+postprocess() {
+    true
+}
+```
 
-In the *POSTPROCESSING SUBROUTINE* section enable:
+And uncomment (that is, remove the '#'s from in front of):
 
 ```conf
-postprocess(){
-    systemctl restart dnsmasq.service # For dnsmasq under systemd
+postprocess() {
+    sudo systemctl reload dnsmasq.service
 }
 ```
 
 #### dnsmasq.conf
 
-Set `addn-hosts=` to `addn-hosts=/etc/hosts.block`
+Edit `dnsmasq.conf` (e.g. /etc/dnsmasq.conf).
+
+Set `addn-hosts=` to `addn-hosts=/var/lib/hostsblock/hosts.block`
+
+#### sudoers
+
+Edit `sudoers` by typing `sudo visudo`. Add the following line to the end:
+`hostsblock              ALL     =       (root)  NOPASSWD:       /usr/bin/systemctl reload dnsmasq.service`
+
+### OPTION 2: Copy /var/lib/hostsblock/hosts.block to /etc/hosts
+
+It is possible to make hostsblock copy its generated file over to /etc/hosts, just make sure that you configure `hostshead` in hostsblock.conf to make sure you don't remove the default system loopback address(es).
+
+#### hostsblock.conf
+
+Edit the hostsblock.conf file (by default under `/var/lib/hostsblock/hostsblock.conf`)
+
+In the *POSTPROCESSING SUBROUTINE* section comment out:
+
+```conf
+postprocess() {
+    true
+}
+```
+
+And uncomment (that is, remove the '#'s from in front of):
+
+```conf
+postprocess() {
+    sudo cp -f $_v "$hostsfile" /etc/hosts
+}
+```
+
+#### sudoers
+
+Edit `sudoers` by typing `sudo visudo`. Add the following line to the end:
+`hostsblock	ALL	=	(root)	NOPASSWD:	/usr/bin/cp`
+
+#### Usage
+
+hostsblock now executes as an unpriviledged user (instead of root). If you need to execute it outside of systemd, this means that you must use sudo, e.g.:
+`sudo -u hostsblock hostsblock`
+
+To allow other users to manually execute hostsblock (and also hostsblock-urlcheck), edit `sudoers` by typing `sudo visudo` and add the following line to the end:
+`jake	ALL	=	(hostsblock)	NOPASSWD:	/usr/bin/hostsblock,/usr/bin/hostsblock-url`
+Replacing "jake" with whatever user you want to execute hostsblock from.
+
+### hostsblock [OPTIONS] - generate a HOSTS file with block and redirection lists
+
+Without the `-c URL` option, hostsblock will check to see if its monitored blocklists have changed. If it detects changes in them (or if forced by the `-u` flag), it will download the changed blocklist(s) and recompile the target HOSTS file.
+
+```
+Help Options:
+  -h                            Show help options
+
+Application Options:
+  -f CONFIGFILE                 Specify an alternative configuration file (instead of /var/lib/hostsblock/hostsblock.conf)
+  -q                            Only show fatal errors
+  -v                            Be verbose.
+  -u                            Force hostsblock to update its target file, even if no changes to source files are found
+```
+
+### hostsblock [OPTIONS] -c URL - Check if URL and other urls contained therein are blocked
+
+With the `-c URL` flag option, hostsblock will check to see if the specified URL is presently blocked or not, and then prompt the user for action (e.g. to block, unblock, or leave as-is).
+It will then prompt if it should inspect the URLs contained on the page summoned by the original URL, and likewise prompt the user what to do.
+
+The other flags (e.g. `-f`, `-q`, `-v`) except for `-u` (which is ignored) remain available when using `-c URL`.
+
+This option replaces the `hostsblock-urlcheck` script, which now comprises a symlink to `hostsblock` that automatically triggers `-c URL`.
+
+Example:
+`sudo -u hostsblock hostsblock -c "http://www.example.com"`
+
+This will check to see if "http://www.example.com" is blocked by hostsblock. If it is, it will tell the user which blocklist is responsible, and prompt as to whether it should continue blocking it or unblock it.
+If "http://www.example.com" is NOT blocked, hostsblock will ask if it should block it.
+Should the user decide to change the status of "http://www.example.com", it will place entries into either its whitelist or blacklist and then recompile the target HOSTS file, executing any postprocessing routines laid out in `hostsblock.conf`.
 
 ## FAQ
 

pkg/PKGBUILD → aur/PKGBUILD

@@ -1,27 +1,26 @@
-# Maintainer: Jake VanderKolk <jakevanderkolk@gmail.com>
+# Maintainer/Originator: Jake VanderKolk <jakevanderkolk@gmail.com>
 pkgname=hostsblock
-pkgver=0.999.3
+pkgver=0.999.4
 pkgrel=1
-pkgdesc="A script and cronjob that downloads, sorts, and installs multiple ad- and malware-blocking hosts files."
+pkgdesc="A script that downloads, sorts, and compiles multiple ad- and malware-blocking hosts files."
 arch=(any)
 url="http://gaenserich.github.com/hostsblock/"
 license=('GPL')
-depends=(bash curl grep sed coreutils)
+depends=(bash curl grep sed coreutils gzip)
 optdepends=('dnsmasq: helps speed up DNS resolutions'
 	    'pixelserv: removes boilerplate page on blocked urls'
 	    'kwakd: removes boilerplate page on blocked urls (recommended)'
 	    'unzip: allows the use of zipped downloads'
 	    'p7zip: allows the use of 7zipped downloads'
-            'gzip: allows compression of old blockfile')
-backup=('etc/hostsblock/hostsblock.conf' 'etc/hostsblock/black.list' 'etc/hostsblock/white.list' 'etc/hostsblock/hosts.head')
+            'pigz: improves performance of gzip operations')
+backup=('var/lib/hostsblock/hostsblock.conf' 'var/lib/hostsblock/black.list' 'var/lib/hostsblock/white.list' 'var/lib/hostsblock/hosts.head')
 changelog=$pkgname.changelog
 install=$pkgname.install
-source=('hostsblock.sh' 'hostsblock-urlcheck.sh' 'hostsblock-common.sh' 'hostsblock.conf' 'black.list' 'white.list' 'hosts.head' 'hostsblock.service' 'hostsblock.timer')
-
-md5sums=('c37b64ca1e12e349f33e851bd1c0d0cc'
-         'bb20bfab3bfa04a1972d7183e21a2f3b'
-         'fdc94ce8efafba10ae262a6396e2236c'
-         'e1cbc1bf4b93cb0e82662a84bdf6db63'
+source=('hostsblock.sh' 'hostsblock.conf' 'black.list' 'white.list' 'hosts.head' 'hostsblock.service' 'hostsblock.timer')
+sha1sums=('c37b64ca1e12e349f33e851bd1c0d0cc'
+         'befb6ba1997af9b60c22ffc1ac1b51bc'
+         '5dd054e334343338b7f4e550b39fc6dc'
+         'ae9e36a9c77780306fa48d10684f71fd'
          '216d5af213e0eb3690ea3c27d4cc6258'
          '3a6ea9f5b0eef002b6ca1dd57388d78a'
          '949af91b7a40582de127eb43a96f001e'
@@ -30,13 +29,11 @@ md5sums=('c37b64ca1e12e349f33e851bd1c0d0cc'
 
 package() {
   install -Dm744 "$srcdir"/hostsblock.sh "$pkgdir"/usr/bin/hostsblock
-  install -Dm744 "$srcdir"/hostsblock-urlcheck.sh "$pkgdir"/usr/bin/hostsblock-urlcheck
-  install -Dm644 "$srcdir"/hostsblock-common.sh "$pkgdir"/usr/lib/hostsblock-common.sh
+  ln -sf "$pkgdir"/usr/bin/hostsblock "$pkgdir"/usr/bin/hostsblock-urlcheck
   install -Dm644 "$srcdir"/hostsblock.conf "$pkgdir"/etc/hostsblock/hostsblock.conf
   install -Dm644 "$srcdir"/black.list "$pkgdir"/etc/hostsblock/black.list
   install -Dm644 "$srcdir"/white.list "$pkgdir"/etc/hostsblock/white.list
   install -Dm644 "$srcdir"/hosts.head "$pkgdir"/etc/hostsblock/hosts.head
   install -Dm644 "$srcdir"/hostsblock.service "$pkgdir"/usr/lib/systemd/system/hostsblock.service
   install -Dm644 "$srcdir"/hostsblock.timer "$pkgdir"/usr/lib/systemd/system/hostsblock.timer
 }
-

pkg/hostsblock.changelog → aur/hostsblock.changelog

@@ -1,5 +1,13 @@
 See https://github.com/gaenserich/hostsblock/commits/master for a complete list of updates
 
+Version 0.999.4 (Alpha 4) (07.23.2017)
+*Massive simplification of script, removing excess verbosity options, combining hostsblock.sh with hostsblock-urlcheck.sh
+*Mandate that hostsblock now runs as unpriviledged user, i.e. 'hostsblock' (see hostsblock.conf)
+*Mandate the use of gzip for annotation file and HOSTS file backup
+*Now uses /var/lib/hostsblock as its default configuration and /var/lib/hostsblock/cache as its default cache directories (to aid with priviledge containment).
+*Removed repetitive grep calls with single grep call with multiple "-e" options.
+*For performance improvements, replaced regex-aware grep with grep -F when regex not needed.
+
 Version 0.999.3 (Alpha 3) (30.10.2015)
 *Added more optional source files to hostsblock.conf. Added user agent info to curl to make work with more sites. Sanitized hostsblock.conf file a little bit.
 *Added function to force target file update even if no changes are found to source files

aur/hostsblock.install

@@ -0,0 +1,48 @@
+add_user_group() {
+    _changed=0
+    if getent passwd | grep -q "^hostsblock:"; then
+        true
+    else
+        _changed=1
+        useradd -d /var/lib/hostsblock -c "hostsblock" -m -U hostsblock
+    fi
+    if getent group | grep -q "^hostsblock:"; then
+        true
+    else
+        _changed=1
+        groupadd hostsblock
+    fi
+    if [ $_changed == 1 ]; then
+        gpasswd -a hostsblock hostsblock
+        gpasswd -A hostsblock hostsblock
+        chmod 750 /var/lib/hostsblock
+        chmod -R 640 /var/lib/hostsblock/*
+        chown -R hostsblock:hostsblock /var/lib/hostsblock
+    fi
+}
+post_install() {
+  add_user_group
+
+  cat << EOF
+As of 0.999.4, hostsblock requires additional sudo permissions.
+Please see https://github.com/gaenserich/hostsblock for details.
+EOF
+}
+
+post_upgrade() {
+  add_user_group
+
+  cat << EOF
+As of 0.999.4, hostsblock requires additional sudo permissions.
+Please see https://github.com/gaenserich/hostsblock for details.
+EOF
+}
+
+post_remove() {
+    userdel hostsblock
+    groupdel hostsblock
+    cat << EOF
+hostsblock's configuration and cache directory (/var/lib/hostsblock) has not been removed.
+
+You should now remove the entries you put into sudoers (via sudo visudo) for hostsblock.
+EOF